This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.
Re: Building consensus over DNSSEC enhancements to glibc.
- From: Paul Wouters <pwouters at redhat dot com>
- To: Rich Felker <dalias at libc dot org>, Simo Sorce <simo at redhat dot com>
- Cc: Petr Spacek <pspacek at redhat dot com>, libc-alpha at sourceware dot org
- Date: Tue, 17 Nov 2015 09:37:01 +0900
- Subject: Re: Building consensus over DNSSEC enhancements to glibc.
- References: <563D0953 dot 9020707 at redhat dot com> <56407C19 dot 2080906 at redhat dot com> <20151109180310 dot GO3818 at brightrain dot aerifal dot cx> <5649A3F3 dot 2060309 at redhat dot com> <20151116161642 dot GQ3818 at brightrain dot aerifal dot cx> <564A0FED dot 9010408 at redhat dot com> <20151116181740 dot GS3818 at brightrain dot aerifal dot cx> <564A1E3E dot 5090703 at redhat dot com> <20151116182322 dot GU3818 at brightrain dot aerifal dot cx> <564A211E dot 7060002 at redhat dot com> <20151116185203 dot GV3818 at brightrain dot aerifal dot cx>
On 11/17/2015 03:52 AM, Rich Felker wrote:
> I'm not saying that doing this contributes anything to security in the
> "hopelessly insecure configurations". I'm saying that there's nothing
> meaningful to report to the application in proper configurations, and
> that in the "hopelessly insecure configurations" reporting trust info
> that can't actually be trusted is irresponsible and harmful.
So I guess we are stuck with the "postfix method", meaning that every single application will have to check resolv.conf to see if it only contains 127.0.0.1, do the query, recheck resolv.conf, pray there is no race condition, and trust the AD bit if the entry for both checks was only 127.0.0.1.
It also makes the res_* interface and getaddrinfo() obsolete in my opinion.
I guess it is a good thing that IANA today assigned an Early Code Point for draft-ietf-dnsop-edns-chain-query
http://www.iana.org/assignments/dns-parameters
I guess we should focus on developing a parameter compatible secure version of getaddrinfo() that tries to use edns-chain-query with a fallback to regular queries so that applications that consume public keys from the DNS have a way of trusting the AD bit returned in the right circumstances. And doing so with minimal changes to the application.
Paul
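The "postfix method" sketched in the message above, as an added example that is not from the thread, glibc or Postfix: the resolv.conf contents and DNS response headers are constructed inline, the nameserver check is the strict "only 127.0.0.1" test the message describes, run before and after the query, and the AD bit is read from the DNS header flags word.

```python
import struct

# Constructed resolv.conf bodies (not taken from any real system).
RESOLV_LOCAL = "# local validating resolver\nnameserver 127.0.0.1\noptions edns0\n"
RESOLV_MIXED = "nameserver 127.0.0.1\nnameserver 192.0.2.53  # forwarder\n"

# Constructed 12-byte DNS response headers: id, flags, QDCOUNT, ANCOUNT, NSCOUNT, ARCOUNT.
# Flags 0x81A0 = QR|RD|RA|AD, 0x8180 = QR|RD|RA (no AD).
RESPONSE_AD = struct.pack("!HHHHHH", 0x1234, 0x81A0, 1, 0, 0, 0)
RESPONSE_NO_AD = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 0, 0, 0)

AD_FLAG = 0x0020  # Authenticated Data bit in the DNS header flags word (RFC 4035)


def parse_nameservers(resolv_conf_text):
    """Return the nameserver addresses listed in a resolv.conf body, ignoring comments."""
    servers = []
    for line in resolv_conf_text.splitlines():
        line = line.split("#", 1)[0].split(";", 1)[0].strip()
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            servers.append(parts[1])
    return servers


def only_local_resolver(servers):
    """True only if resolv.conf names 127.0.0.1 and nothing else (empty list fails)."""
    return bool(servers) and all(s == "127.0.0.1" for s in servers)


def response_ad_bit(packet):
    """Read the AD flag from a raw DNS response; the header is the first 12 bytes."""
    if len(packet) < 12:
        raise ValueError("truncated DNS header")
    _msg_id, flags = struct.unpack("!HH", packet[:4])
    return bool(flags & AD_FLAG)


def trust_ad(resolv_before, resolv_after, packet):
    """The 'postfix method': the AD bit counts only if resolv.conf listed just
    127.0.0.1 both before and after the query (to catch a config change racing
    the lookup) and the response actually carries AD=1."""
    before_ok = only_local_resolver(parse_nameservers(resolv_before))
    after_ok = only_local_resolver(parse_nameservers(resolv_after))
    if not (before_ok and after_ok):
        return False
    return response_ad_bit(packet)
```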